Threat Analytics Search Extension Update for RSA Security Analytics/NetWitness


RSA recently updated NetWitness and changed the product name to Security Analytics. NetWitness used a Windows-based client for investigation of network sessions. Security Analytics adds the ability to conduct investigations via a new web interface. Many other security tools (SIEM, IPS, threat feeds, etc.) use a web interface. Critical Start just released version 3 of our Threat Analytics Search extension for Chrome that allows integration of 3rd party (web GUI) security tools with RSA Security Analytics.


It’s only available in Chrome because we think that is the most secure browser. The Chrome Extension can be added from the Google Chrome Store at If you aren’t familiar with the extension, it can be summarized as a:

Tool for security analysts, malware hunters, and incident responders that allows the use the of right-click menu in Chrome to conduct single or group searches for selected text such as file hash, IP address, or domain. The extension reduces time analysts spend visiting the same websites repeatedly to gather information about IP addresses, websites, file hashes, and domains.

The SA web GUI is shown below.  The extension will automatically configure if you copy and paste the base investigation URL as shown below.  For a manual configuration you will need the fully qualified domain name (IP address), HTTP or HTTPS, and device ID.



Paste the URL in the text box shown below highlighted in yellow.


You can create your own pivots (queries) or just use the defaults Critical Start supplied.


An example of the extension in action can be seen in the screen shot below showing FireEye integration with Security Analytics.  The Critical Start integration with FireEye and Security Analytics works much better than what is provided by the vendors.


Hundreds of companies are using our tool.  We hope you like it!  If not, give us some feedback at